Table of Contents

The Rise of Account Fraud in the Wake of the SVB and Signature Bank Collapse & How to Stop It 

In the wake of the Silicon Valley Bank (SVB) and Signature Bank collapse, there was an immediate scramble to move money. Businesses and individuals rushed to open new accounts at other banks and wanted it to happen tout de suite. But increased onboarding volumes caused more than a few logjams. Banks were under pressure to expedite their customer due diligence (CDD) process, verify identities and validate data more quickly than usual. When there’s so much money on the line, tensions are high, patience is thin and mistakes are bound to happen.

This is precisely the type of chaos that cybercriminals see as an opportunity. In the midst of high onboarding volumes, several financial institutions experienced security incidents last weekend, according to a source at Ernst & Young. It’s a stark reminder that banks need to do more to secure the onboarding process and ensure Know Your Customer (KYC) and Anti-money Laundering (AML) compliance. 

In this blog post, we’ll explore how fraudsters are able to create fake identities and what steps businesses can take to prevent identity theft and associated losses. But first, we’ll explain what fraudsters are doing to trick even the sharpest trained eye and bypass document verification solutions. In this frothy environment, we can expect to see more deceptive account opening fraud.

Even banks have an identity problem

Verifying and validating the identity data provided by new banking customers is crucial to prevent fraud during account opening. It’s best to stop them at the front door, long before they attempt to open new lines of credit, launder money or lay the groundwork for attacks downstream. Banks also need a way to proof identities quickly — not in days, but minutes. 

Did you know there are three unaffiliated financial institutions named Signature Bank in the US? I mention it simply because it encapsulates the mayhem of the moment. On Sunday, ABC News mistakenly used the wrong Signature Bank logo, belonging to the bank headquartered in Illinois instead of the one in New York. A third Signature Bank is based in Arkansas. As you can imagine, these other Signature Banks are now working overtime to assure customers that their financials are solid and their money is safe.

This moment is ripe for identity fraud

It’s a chaotic time. And similar to the confusion created by the name Signature Bank, fraudsters intentionally muddle the identity proofing process by opening accounts using common names, like John Smith or Ashley Jones. This tactic makes background checks and data validation much more difficult, especially since traditional services and manual approaches to identity proofing are already prone to errors. By using tricks like this, fraudsters can improve their chances of succeeding.

How cybercriminals create fake identities 

Malicious actors are using online ID services to purchase highly sophisticated fake IDs, often using a combination of real and fake data. They obtain personal data from a variety of sources, including data breaches, phishing scams and online hacker forums. In 2022, there were over 4,000 known data breaches worldwide, resulting in over 22 million compromised identities. Fraudsters simply purchase this identity data to create fake IDs that appear to be legitimate.

Bypassing identity verification

Many businesses and organizations already use identity verification solutions to prevent fraud and protect their customers. These solutions are not foolproof, however, and fraudsters are constantly finding ways to bypass them.

One common method that fraudsters use is to combine real and fake information to create a synthetic identity. For example, they will use a real person’s stolen social security number (SSN), name, address and date of birth along with the fraudster’s email and phone number as a way of maintaining control of the account. If the authentication service sends an email magic link or an OTP, the imposter will be the one on the receiving end. This can make it difficult for identity verification solutions to detect the fraud, as most of the information appears legitimate.

Another method that fraudsters use is to create multiple synthetic identities using stolen identity information. For example, they might use the same name, address and SSN for multiple fake identities, each with different birth dates, email addresses and phone numbers. This can complicate fraud detection, as each synthetic identity appears to be a different person. The majority of identity verification solutions today are failing to detect these high-quality fake IDs that use real identity information.

How to prevent account fraud

For banks and other businesses, it’s important to implement robust identity verification and data validation solutions that are designed to detect and prevent fraud. These solutions should use multiple data sources and methods to verify the identity of customers, including information from government-issued IDs, social media profiles, and public records.

In addition, businesses and organizations should stay up-to-date with the latest fraud prevention techniques and be aware of new, innovative methods that fraudsters are using to create synthetic identities and fraudulent accounts. It can be hard to keep up, so companies must rely on identity proofing vendors with true cybersecurity expertise, and there aren’t many of those.

How to detect fake IDs with greater accuracy

At Transmit Security, our threat researchers are cybersecurity experts who continually scour the dark web, social media, closed forums and open-source websites to analyze new fraud methods. They immediately apply new detection algorithms to stop new threats when they first emerge. This is essential for detecting fake IDs and fraudulent account opening with greater accuracy, but that’s just the tip of the iceberg.

How identity proofing services secure and expedite onboarding: 

Transmit Security Identity Verification proves the user is who they claim to be with cloud-native services that rapidly verify:

  1. The user’s government-issued ID is real and valid 
  2. The selfie of the individual is a legitimate, live person
  3. The user is the same person associated with the verified ID
  4. The individual is not on a global sanctions watch list

All of this happens in only a few minutes, not hours or days. You’ll rapidly increase assurance while reducing the costs and complexity associated with outdated ID proofing methods. 

Embedded security features
With the power of machine learning and AI, Identity Verification Services check dozens of security features present on the document, inspecting every detail from holograms and laser engravings to photo dimensions, corners and edges. 

Extracted data such as Document Number, Personal Number, etc. is checked to assure it’s in the correct font and the correct format, such as MM/DD/YYYY instead of DD/MM/YYYY. 

The Rise of Account Fraud in the Wake of the SVB and Signature Bank Collapse & How to Stop It  - baUkNxpVZTAr lQzc6dBj1V8wWs2 QqBiprF2fC2I4A0f6be0tPd3TcpHdgVM75aVOtxf5omzvsNVN5Ltw4N7PRmtd8CjMrIuFYZXntJjrwPYm2xkWZjRQNN0 7gNmyrK13jHT crTr09yDkT9yX7A

Selfie verification
In order to ensure the user’s selfie is legitimate, Identity Verification performs biometric facial matching with the photo on the government-issued ID. It also performs a selfie liveness check to make sure it’s legitimate and not any of the following: 

  • Printed photos
  • Video replays 
  • High-end silicone masks
  • Photos on screen
  • Face cutouts
  • Realistic mannequins

Time is of the essence

By performing a thorough analysis in just a few minutes, you can minimize friction for good customers and increase enrollment. In use cases where customer friction needs to be eliminated from the onboarding process, you can configure Data Validation to serve as your first line of defense  and only trigger the Identity Verification process when risk is detected.

Transmit Security Data Validation is a form of “passive” identity proofing that’s instant and effortless for the customer. It prevents account opening fraud by assessing the validity of data users submit when they enroll. It’s fully automated and returns results in less than a second. For legitimate customers, you’ll secure and expedite onboarding with an easy, welcoming experience.

Data Validation Services in a single API:

  • Ensures the user’s name, address, email, phone number, date of birth and social security number (SSN) are valid & strongly associated with their identity 
  • Checks the user’s device risk and email reputation
  • Runs background checks by scanning watchlists, credit bureaus and more
  • Lets you select the data sources and set rules for automated decisioning 

Both identity proofing services can be implemented as part of the Transmit Security Platform, a complete customer identity and access management (CIAM) solution with best-in-class cloud-native services built for endless scale and high performance. 

It’s time to put an end to the complicated and time-consuming identity and data validation checks that let too many fraudsters slip through the cracks. With developer-friendly APIs, you can quickly implement our security services to address a rapidly growing fraud problem and easily comply with global regulations like KYC and AML. Robust identity proofing services protect your company and your customers while speeding the customer due diligence process.